jwk

v0.0.0-...-1dc2ab7
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2018 License: MIT Imports: 13 Imported by: 0

README

Working with OAuth ID tokens in Go

This package provides an easy and secure offline method for verifying an OAuth id_token.

License

MIT License

Problem

The https://github.com/google/google-api-go-client package doesn't provide an offline verify() for an OAuth id_token, which is preferable to calling the API at https://www.googleapis.com/oauth2/v2/tokeninfo. You can check the id_token online, but that is significantly slower:

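// oauth2 is google.golang.org/api/oauth2/v2; httpClient is an *http.Client.
func verifyIdToken(idToken string) (*oauth2.Tokeninfo, error) {
    srv, err := oauth2.New(httpClient)
    if err != nil {
        return nil, err
    }
    return srv.Tokeninfo().IdToken(idToken).Do()
}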

https://godoc.org/golang.org/x/oauth2/jws#Verify should also be able to verify tokens, but that package is marked as deprecated:

Deprecated: this package is not intended for public use and might be removed in the future. It exists for internal use only. Please switch to another JWS package or copy this package into your own source tree.

Verifying the integrity of an OAuth ID token offline in Go

Google developer documentation on how to do this: https://developers.google.com/identity/sign-in/web/backend-auth#verify-the-integrity-of-the-id-token

import (
	...
	"github.com/dblokhin/jwk"
	"github.com/dblokhin/jwk/providers"
)

...

	// EXAMPLE
	tokenID := "id_token_string"

	// parse token from string
	token, err := jwk.New(tokenID, providers.GoogleProvider.Iss())
	if err != nil {
		return err
	}
	
	// verify token with Google keys provider
	err = token.Verify(providers.GoogleProvider, "your-audience")
	if err != nil {
		return err
	}
	
	// access to token fields
	userName := token.Name()
	userPhoto := token.Picture()

providers.GoogleProvider automatically caches and manages Google's JWK public keys. See the source code for details.
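
What an offline check of this kind involves, written with only the Go standard library. This is an added example, not this package's code: Verify, demo, the kid "k1" and the audience "my-app" are assumptions, and the key map stands in for what a KeyProvider would return from GetKey(kid).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Verify checks an RS256 id_token offline. keys maps kid to a cached public key; now is Unix seconds.
func Verify(tok string, keys map[string]*rsa.PublicKey, iss, aud string, now int64) error {
	h64, rest, _ := strings.Cut(tok, ".")
	c64, s64, ok := strings.Cut(rest, ".") // ok is false unless the token has at least two dots
	hb, e1 := base64.RawURLEncoding.DecodeString(h64)
	cb, e2 := base64.RawURLEncoding.DecodeString(c64)
	sig, e3 := base64.RawURLEncoding.DecodeString(s64) // a fourth segment fails here: "." is not base64url
	var h struct{ Alg, Kid string }
	var c struct {
		Iss, Aud string
		Exp      int64
	}
	sum := sha256.Sum256([]byte(h64 + "." + c64)) // the signature covers the raw header and claims text
	switch {
	case !ok || e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &h) != nil || json.Unmarshal(cb, &c) != nil:
		return fmt.Errorf("malformed token")
	case h.Alg != "RS256" || keys[h.Kid] == nil: // alg is pinned by the verifier, never chosen by the token
		return fmt.Errorf("unexpected alg or unknown kid")
	case rsa.VerifyPKCS1v15(keys[h.Kid], crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("bad signature")
	case c.Iss != iss || c.Aud != aud || now >= c.Exp: // claims are trusted only after the signature check
		return fmt.Errorf("iss, aud or exp check failed")
	}
	return nil
}
func demo() (string, map[string]*rsa.PublicKey) { // constructed sample token and key set, not real credentials
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"RS256","kid":"k1"}`)) + "." + enc([]byte(`{"iss":"accounts.google.com","aud":"my-app","exp":2000000000}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + enc(sig), map[string]*rsa.PublicKey{"k1": &k.PublicKey}
}
func main() {
	tok, keys := demo()
	fmt.Println(Verify(tok, keys, "accounts.google.com", "my-app", 1900000000))
}
```

The audience comparison is what stops a token issued to a different client from being accepted, which is why the package's Verify takes the audience as an argument.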

Other key providers

You can create your own key providers by implementing the KeyProvider interface:

// KeyProvider provides public certs
type KeyProvider interface {
	// GetKeys provides keys
	GetKeys() (*oauth2.Jwk, error)

	// GetKey provides key by kid
	GetKey(kid string) (*oauth2.JwkKeys, error)
}

Contributing

Contributions are welcome! GitHub issues are the best place for them.

Documentation

Types

type KeyProvider

type KeyProvider interface {
	// GetKeys provides keys
	GetKeys() (*oauth2.Jwk, error)

	// GetKey provides key by kid
	GetKey(kid string) (*oauth2.JwkKeys, error)
}

KeyProvider provides public certs

type TokenID

type TokenID struct {
	// contains filtered or unexported fields
}

func New

func New(tokenID string, Issuer []string) (*TokenID, error)

New parses oauth id_token

func (*TokenID) Audience

func (t *TokenID) Audience() string

Audience returns user token Audience

func (*TokenID) Email

func (t *TokenID) Email() string

Email returns user token Email

func (*TokenID) EmailVerified

func (t *TokenID) EmailVerified() bool

EmailVerified returns user token EmailVerified

func (*TokenID) Name

func (t *TokenID) Name() string

Name returns user token Name

func (*TokenID) Picture

func (t *TokenID) Picture() string

Picture returns user token Picture

func (*TokenID) Verify

func (t *TokenID) Verify(provider KeyProvider, audience string) error

Verify verifies oauth id token
